ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Code to Music

v1.0.0

把代码文件转换成音乐 — 分析代码结构特征(行数、函数、缩进、关键字等),映射成音乐参数(BPM、调性、乐器、节奏),调用 MiniMax music-2.6 API 生成独一无二的"代码交响曲"。适合给老大玩、记录代码、或者纯粹中二一下。

0· 57·0 current·0 all-time
by@besty0121

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for besty0121/code-to-music.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Code to Music" (besty0121/code-to-music) from ClawHub.
Skill page: https://clawhub.ai/besty0121/code-to-music
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install code-to-music

ClawHub CLI

Package manager switcher

npx clawhub@latest install code-to-music
Security Scan
Capability signals
CryptoRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description match the included script: it analyzes a local code file for structural features and sends generated prompts/lyrics to a MiniMax music generation API. Requesting an API key for MiniMax is appropriate for this purpose. However, registry metadata lists no required env vars while SKILL.md instructs the user to set MINIMAX_API_KEY and MINIMAX_API_HOST — a mismatch between declared metadata and runtime requirements.
Instruction Scope
SKILL.md's runtime instructions are limited and consistent with the purpose: set an API key/host and run the script against a code file. The script reads only the specified code file, computes structural metrics, maps them to musical parameters, and sends a prompt and lyrics to an external API; it does not upload the raw code. The instructions do tell users to set MINIMAX_API_HOST, but the bundled script does not actually use that env var (it hardcodes API_URL).
Install Mechanism
There is no install spec (instruction-only plus a Python script included). Nothing is downloaded or executed on install; risk from install mechanism is low.
!
Credentials
The runtime needs a single third‑party API credential (MINIMAX_API_KEY), which is proportionate to the functionality. But the registry metadata declares no required env vars while SKILL.md asks for MINIMAX_API_KEY and MINIMAX_API_HOST; the script only uses MINIMAX_API_KEY and ignores MINIMAX_API_HOST. This mismatch (undocumented required secret + unused HOST var) is sloppy and should be fixed before trusting the skill. Also note that the script sends derived code metrics (counts, BPM mapping, lyrics/prompt) to the external API — not raw code, but this still leaks high-level information about your codebase.
Persistence & Privilege
The skill is not marked always:true and requests no special system privileges or config paths. It's user-invocable and does not persist or modify other skills' settings.
What to consider before installing
Before installing or running: (1) Be aware the script sends derived code metrics and a generated prompt/lyrics to an external service (api.minimaxi.com) — it does not upload the raw file, but it still leaks structural metadata about your code. Avoid running on sensitive or proprietary code unless you trust the MiniMax service and the API key's scope. (2) The SKILL.md asks you to set MINIMAX_API_KEY and MINIMAX_API_HOST, but the registry metadata does not declare these env vars and the bundled script only uses MINIMAX_API_KEY (it ignores MINIMAX_API_HOST). Ask the publisher to correct the metadata or update the code to actually honor a custom host if intended. (3) Verify the API endpoint and owner — there is no homepage/source listed in the registry, which lowers confidence in provenance. (4) Test with a small, non-sensitive file first and confirm expected behavior. (5) If you need stricter privacy, consider modifying the script locally to avoid sending any derived data externally or to run against an in-house/mocked endpoint.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ec40gqh5653fy1wjpjgsbbx851tyn
57downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@besty0121
latest
Download

Code to Music — 代码交响曲

把代码文件转成音乐,听起来像什么由代码结构决定。

工作原理

代码特征 → 音乐参数的映射:

代码特征音乐参数说明
总行数BPM行数越多→节奏越快
最大缩进深度调性深缩进→低音调,浅→高音调
函数数量乐器丰富度函数越多→乐器越丰富
关键字数量节奏复杂度关键字越多→节奏越碎
字符串数量情绪张力字符串多→更戏剧化
注释比例人声比例注释多→加入人声和声

使用方法

1. 准备

确保环境变量已配置:

set MINIMAX_API_KEY=your-api-key
set MINIMAX_API_HOST=https://api.minimaxi.com

2. 运行

python scripts/code2music.py "代码文件路径" [输出路径]

示例:

# 生成音乐到默认路径
python scripts/code2music.py "C:\project\app.js"

# 指定输出路径
python scripts/code2music.py "C:\project\app.js" "C:\music\my_code.mp3"

3. 听取

生成完成后,文件保存在 code_symphony.mp3,直接用播放器打开即可。

示例输出

content.js(333行,115函数)为例:

  • BPM: 126
  • 调性: G major
  • 乐器: piano, strings, brass ensemble
  • 情绪: dramatic, emotional crescendo
  • 人声: whispers

生成约 1.1MB 的 MP3 文件。

依赖

  • Python 3.x
  • requests 库
  • MiniMax API Key(需要 music-2.6 权限)

限制

  • MiniMax music-2.6 模型需要账号有音乐生成额度
  • 歌词固定为英文(后续可扩展多语言)
  • 最大支持文件大小视 API 限制而定

Comments

Loading comments...